US6947560B1  Method and device for effective key length control  Google Patents
Method and device for effective key length control Download PDFInfo
 Publication number
 US6947560B1 US6947560B1 US09/461,766 US46176699A US6947560B1 US 6947560 B1 US6947560 B1 US 6947560B1 US 46176699 A US46176699 A US 46176699A US 6947560 B1 US6947560 B1 US 6947560B1
 Authority
 US
 United States
 Prior art keywords
 input
 device
 key
 plurality
 delay elements
 Prior art date
 Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
 Active
Links
Images
Classifications

 G—PHYSICS
 G06—COMPUTING; CALCULATING; COUNTING
 G06Q—DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
 G06Q20/00—Payment architectures, schemes or protocols
 G06Q20/38—Payment protocols; Details thereof
 G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
 G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management

 H—ELECTRICITY
 H04—ELECTRIC COMMUNICATION TECHNIQUE
 H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
 H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
 H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
 H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
Abstract
Description
This application is related to, and claims priority from, U.S. Provisional Patent Application Serial No. 6/130,944, entitled “Method and Device for Effective Key Length Control,” filed on Apr. 26, 1999, the disclosure of which is incorporated here by reference.
The present invention relates to encryption, and in particular to a method and device for providing a controllable and secure way of determining an encryption key for use in an encryption algorithm.
In communication systems, data is often encrypted before transmission to assure privacy and data integrity. The encryption of data takes place in an encryption algorithm. The encryption algorithm manipulates or encodes the transmission data using other data, mathematical operations and/or other means to perform such encryption. For example, the encryption algorithm utilizes a data parameter known as an encryption key, referred to herein by the variable K′_{c}, in its initialization procedure. The encryption key is created in part from a ciphering key or secret key, referred to herein as K_{c}, where K_{c }is known to both the receiving device and the transmitting device for encrypting and decrypting the data.
Governments regulate export communication parts and devices that are used in the encryption and transmission of data, including but not limited to, encryption software and hardware. Such export regulations differ among different countries. Specifically, governments regulate the maximum allowable key length of ciphering keys available to the export devices. The users who transmit and receive encrypted data would prefer to use the best possible, that is, the longest possible, ciphering key, to maximize security; however, these users are limited by governmental regulations of the ciphering key.
Assume current technology provides for key lengths of the ciphering key, K_{c}, to be between 1 and 160 bytes (8 and 1280 bits). Governments typically limit the maximum allowable ciphering key length to, for example, 7 bytes (56 bits). To go beyond this ciphering key length, a manufacturer would have to apply for an export license. Communication devices, e.g., cellular phones, typically utilize the maximum ciphering key length permitted for the particular device under the applicable export regulations. The maximum ciphering key length should be stored in such a way to prevent users from easily manipulating the parameter to ensure compliance with governmental regulations. For example, this parameter could be stored in READ ONLY memory (ROM). However, from a manufacturing point of view, it is desirable to produce communication devices that are able to work in many different countries, thereby avoiding customization and permitting a user to use the same communication device in different geographic locations. The manufacturer would prefer to make a universal product with a standardized method of encryption that complies with the different regulations set by a variety of governments and also provides a high level of data security.
Currently, an encryption key, K′_{c}, together with other public parameters, such as a master clock, is used in the initialization of an encryption algorithm. Encryption key, K′_{c}, utilizes the ciphering key, K_{c}, and a public random number, designated RAND, in accordance with the following equation:
where L is 1≦L≦min {L^{A} _{max}, L^{B} _{max}} in bytes; and
where RAND [L . . . 15] denotes the bytes L through 15 of RAND.
For exemplary purposes, the maximum usable encryption key length in bytes, L_{max}, is assumed to be 16 bytes, although different encryption key lengths could be used.
As disclosed by the above equation, the encryption key, K′_{c}, is created by affixing a random number to the end of the ciphering key, K_{c}, to complete the entire amount of available bytes for the encryption key length, i.e., 16 bytes in this case. The parameter L represents the smaller ciphering key length allowed between two ciphering key lengths, L^{A} _{max }and L^{B} _{max }of first communication device A and second communication device B which are manufactured under different governmental regulations. In other words, the ciphering key length used in computing the encryption key, K′_{c}, is the lesser of the two ciphering key lengths allowed to be used by the first and second communication devices A and B. Both devices can use encrypted communications with the smaller key length, but only one device can use encrypted communication with the larger key length.
One problem with the above equation for generating encryption key, K′_{c}, is that it is difficult to ensure that the hardware implementing the encryption algorithm is not altered by software that overrides the preset values of L_{max}. Furthermore, the RAND parameter, being public, can be misused to achieve an effective key length is not restricted at all, i.e., K′_{c }has a maximum number of effective key bits.
An alternative solution is to reduce the space provided for the encryption key, K′_{c}, to L bytes in the memory of the communication device to prevent the software from altering this length. This can be accomplished by “masking out” the entire amount of available bytes minus L bytes of the ciphering key, K′_{c}, and ignoring the RAND. For example, in this case, because the maximum encryption key length is assumed to be 16, 16 minus L bytes would be “masked out,” or in other words, replaced with zeros or some other fixed string. The resulting encryption key, K′_{c}, would then consist of K_{c }for the first L bytes and zeros or some other fixed string for the next 16−L bytes (128−8L bits).
However, for small byte values of L, at least two undesirable consequences result from this solution. First, during the initialization of the encryption algorithm, the encryption algorithm shuffles the encryption key, K′_{c}, and determines a starting point of the encryption algorithm. To achieve a strong encryption, the shuffling period would need to be increased because of the “nonrandomness” of the large fixed string in the 16 minus L bytes, where L is small. As the length of the “random” part of the encryption key decreases, the encryption algorithm would ideally increase the shuffling period, or number of iterations performed, in determining a starting point of the encryption key to compensate for the small length of “random” bits to achieve a better encryption. However, the number of the iterations able to be performed is limited by the strict timing requirements set in transmitting/receiving switching. Thus, this creates a risk of a weak encryption.
Second, an unauthorized person attempting to decrypt the encrypted data or performing a “ciphering attack,” would only need to consider or analyze the first L bytes of the ciphering key, K_{c}. In other words, the unauthorized person would only need to analyze the possible combinations of data in L bytes rather than the larger maximum usable encryption key length, in this case, 16 bytes, for small values of L. This creates a risk of unauthorized decryption.
In general, a good encryption algorithm receives as its input, one of, for example, 2^{8L }possible starting points in a binary system. Where L is 16 bytes, a good encryption algorithm would receive 2^{128 }possible starting points in a binary system. Each of the possible combinations of the 8L K′_{c }bits would define one starting point out of the 2^{8L }starting points. An unauthorized person trying to decrypt encrypted data would have to try up to 2^{8L }possible combinations to do so. Fewer starting points are available where governmental regulations have restricted the key length. For example, if a government restricts a ciphering key length to a maximum of 5 bytes (40 bits), an encryption algorithm would have a reduced number of starting points, that is 2^{40 }starting points. Moreover, if one considers the space, or memory, available for storing all the possible 2^{8L }starting points, current technology typically restricts the total available memory to a specific area of the memory for storing the reduced number of starting points and does not use the remaining part of the memory. The remaining positions are constant. Thus, an unauthorized person trying to decrypt encrypted data would only have to analyze 2^{40 }starting points and the unauthorized person would know where such starting points where located in memory.
Accordingly, to overcome the abovementioned problems, the present invention describes a method by which when an encryption key, K′_{c}, is generated, the total possible starting points are restricted to a subset of 2^{8L }starting points, where the subsets are different each time a new K′_{c }is generated over the total available memory or space. Thus, the starting points are no longer stored in the same location after every generation of a new encryption key, K′_{c}.
In addition, the present invention provides an interface between the generator of the ciphering key, K_{c}, in a communications system and the ciphering device that uses the ciphering key in encrypting data. The interface provides a controllable and secure way of limiting the key length to conform to the effective key length set by governmental regulations by including an addition or modulus function in the calculation of the encryption key, K′_{c}.
Moreover, the present invention provides for communication between two devices that are regulated by different governments setting different maximum ciphering key lengths.
Furthermore, the present invention provides for an encryption key, K′_{c}, where the “randomness” is spread over all the possible combinations of starting points for input into the encryption algorithm of the ciphering device.
The above and other advantages of the present invention are carried out in one form by a communication device for determining an encryption key for use in an encryption algorithm. The communication device comprises a memory element for storing one or more polynomials; a plurality of switching elements, each having a first input, a second input and an output, where the switching element first inputs are connected to the memory element; a plurality of delay elements, each having an input and an output, where the output of one delay element is connected to the switching element second inputs; and a plurality of addition or modulo functions, each having a first input, a second input and an output, where the modulo first inputs are connected to all but one of the delay element outputs, where the modulo second inputs are connected to all but one of the switching element outputs and where the modulo outputs are connected to all but one of the delay element inputs. The delay elements may be in the form of a shift register.
The above and other advantages of the present invention are also carried out in another form by a method for calculating an encryption key, K′_{c}(x), for use in an encryption algorithm. The method comprises the steps of obtaining a ciphering key, K_{c}(x); determining a maximum ciphering key length, L; determining a maximum available encryption key length, L_{max}, obtaining a polynomial g_{1}(x), wherein the highest degree is equal to L_{max}; obtaining a polynomial g_{2}(x), for spreading starting points of said encryption key, K′_{c}(x); and calculating the encryption key, K′_{c}(x), where K′_{c}(x)=g_{2} ^{(L)}(x)[K_{c}(x) mod g_{1} ^{(L)}(x)].
A more complete understanding of the present invention may be derived by referring to the detailed description and claims when considered in connection with the Figures where:
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular circuits, circuit components, techniques, etc. in order to provide a thorough understanding of the present invention. However, it will be apparent to one skilled in the art that the present invention may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of wellknown methods, devices, and circuits are omitted so as not to obscure the description of the present invention.
To ensure conformance to a regulated key length and improve the encryption of a data transmission between two or more devices, an encryption key, K′_{c}, is determined or calculated and input into an encryption algorithm in accordance with the present invention according to the following formula:
K′ _{c}(x)=g _{2} ^{(L)}(x)[K _{c}(x) mod g _{1} ^{(L)}(x)] (Eq. 2)
where:

 L is the maximum restricted ciphering key length in bytes and is 1≦L<min {L^{A} _{max}, L^{B} _{max}}, and deg (g_{1}(x))+deg (g_{2}(x))≦wL for all L bytes where w is a word length in bits.
The encryption key, K′_{c}, is written above in terms of a polynomial expression for exemplary purposes.
As disclosed in Eq. 2, the encryption key, K′_{c}, is based in part on the ciphering key, K_{c}. The ciphering key, K_{c}, can be obtained in any suitable way now known or later discovered. For example, the ciphering key, K_{c}, can be independently communicated to a Device A and a Device B from a third device to facilitate encryption and decryption. Alternatively, Device A can have ciphering key, K_{c}, stored and can communicate this to Device B. Assume current technology permits a ciphering key length to be between 1 and 160 bytes (8 and 1280 bits) in length. However, the governments from which Device A and Device B are exported have placed certain restrictions on the maximum length of the ciphering key. For example, assume Device A can communicate with a maximum key length of 5 bytes (40 bits) and Device B can communicate with a maximum key length of 7 bytes (56 bits). Once it is determined that Device A desires to transmit data to Device B, Device A and Device B “negotiate” an acceptable maximum key length, L, with which they can both communicate. Specifically, Device A and Device B will transmit and receive data to and from each other that specifies each devices's maximum key length. In this example, because L^{A} _{max}, is 40 bits and L^{B} _{max }is 56 bits, the devices will “agree” to communicate with a maximum ciphering key length, L, of the lesser key length, or 40 bits.
Thus, in accordance with the present invention, the maximum possible key length is restricted to the minimum of the maximum key lengths between the Devices A and B. This key length restriction is implemented in the encryption through the addition or modulo function and the selection of the polynomial g_{1}(x).
In an exemplary embodiment, g_{1}(x) may be represented as the following polynomial:
where w equals a word length and L equals a number of words of ciphering key.
The polynomial g_{1}(x) is created such that the highest degree of the polynomial will be that of the maximum allowable key length in bits. For example, if the word length is 8 bits and the number of words is 5, the highest degree of the g_{1}(x) polynomial will be 40. Thus, the polynomial g_{1}(x) could be, for example, as follows:
g _{1}(x)=Ax ^{40} +Bx ^{39} +Cx ^{38} + . . . +Dx+E, A≠0 (Eq. 4)
The addition or modulo operation ensures that the key length is wL bits since the maximum degree of the remainder cannot exceed one less than the highest degree of the denominator. In this example, the computation of the operation K_{c}(x) mod g_{1} ^{(L)}(x) will yield a result where the highest degree possible is one less than 40, i.e., 39. The result has 40 bits which complies with the maximum allowable key length.
The polynomial g_{1}(x) can be accessed from a table, for example, which identifies an appropriate g_{1}(x) polynomial for a given L. This table is preferably located in the hardware so that the available g_{1}(x) polynomials are secure. The g_{1}(x) polynomials are thus protected from tampering to ensure compliance with governmental regulations. It will be recognized that a table is one way to store or obtain g_{1}(x) polynomials but that other ways known in the art may also be used.
As discussed above, a good encryption algorithm receives as its input, one of 2^{8L }possible starting points in a binary system, L being the maximum ciphering key length possible in bytes. Each of the possible combinations of the 8L K′_{c}, bits would define one starting point out of the 2^{8L }starting points. An unauthorized person trying to decrypt encrypted data would have to try up to 2^{8L }possible combinations to do so.
For example, if L equals 16 bytes, a good encryption algorithm receives as its input, one of 2^{128 }possible starting points in a binary system. Each of the possible combinations of the 128 K′_{c }bits would define one starting point out of the 2^{128 }starting points. An unauthorized person trying to decrypt encrypted data would have to try up to 2^{128 }possible combinations to do so.
In the above example with Device A and Device B, an encryption algorithm would have a reduced number of starting points because of the smaller value of L, that is 2^{40 }starting points. Current technology typically restricts the total available memory (in this case, 2^{40 }possible starting points) to a specific area of the memory for storing the reduced number of starting points and does not use the remaining part of the memory. The remaining positions are constant. Thus, in this example under current technology, an unauthorized person trying to decrypt encrypted data would only have to analyze 2^{40 }starting points and the unauthorized person would know where such starting points were located in memory.
In other words, if the encryption key, K′_{c}(x), resulted solely from K_{c}(x) mod g_{1} ^{(L)}(x), K′_{c}(x) would be stored in one specific part of memory according to current technology. The other bits would be zero or some other fixed string. The starting points would then be located in a specific subset of all the possible starting points. To increase the strength of the encryption, however, it is beneficial to have the starting points spread out over all the possible bits.
Hamming distance is a value that reflects the number of distinct bits in two data strings. The greater the Hamming distance among the possible starting points, the better the encryption. If the starting points are always located in a specific subset of positions, the Hamming distance, and thus the encryption, will be poor. The present invention provides a method and device by which the starting points are spread out in a more effective way rather than being confined to a specific subset of bits so that the minimum distance between the starting points becomes larger.
This concept of increasing the distance or “spreading” is known in the art. For example, error correction coding uses this concept for a different application. Thus, to spread out the starting points over the possible bit range, the result of the K_{c}(x) mod g_{1} ^{(L)}(x) operation is multiplied by a polynomial g_{2}(x), where an exemplary g_{2}(x) polynomial is as follows:
where w equals a word length, L equals a number of words of the ciphering key and L_{max }equals a maximum number of words usable in the encryption key.
The multiplication of g_{2}(x) with the result of K_{c}(x) mod g_{1} ^{(L)}(x) will “spread” the result of K_{c}(x) mod g_{1} ^{(L)}(x) over the entire bit area. The appropriate g_{2}(x) polynomial will be selected based upon a given L as is currently known in the art. That is, for different key lengths, L, different coefficients of the g_{2}(x) polynomial are selected to more effectively achieve desirable Hamming distances. For small values of L, one set of coefficients might achieve desirable Hamming distances while for large values of L, a different set of coefficients would be more appropriate to achieve desirable Hamming distances. In the binary case, g_{2}(x) may be found as a generator polynomial of a BCH errorcorrecting code. The g_{2}(x) polynomials can be stored either in a table which relates appropriate g_{2}(x) polynomials for a given L. This table may be the same table in which g_{1}(x) is stored or in another table. The g_{2}(x) polynomials may be stored either in hardware or in software of the ciphering device. It will be recognized that a table is one way to store an retrieve g_{2}(x) polynomials but that other ways known in the art may also be used. Alternatively, the g_{2}(x) polynomials may be obtained from memory at some other location, i.e., not located within the ciphering device.
K′_{c}(x) results from this multiplication. K′_{c}(x) is input into an encryption algorithm for use in encrypting data.
Memory element 202 stores polynomial g_{1}(x). Memory element 202 may be a lookup table or some other arrangement of stored information. Memory element 202 may also store polynomial g_{2}(x). Alternatively, g_{2}(x) may be stored in some other location within communication device 200 or may be obtained from some other location external to, but accessible to, communication device 200. For exemplary purposes, memory element 202 is described herein as storing both g_{1}(x) and g_{2}(x). The functions g_{1}(x) and g_{2}(x) are polynomials having specified coefficients, e.g., those described above.
Switching elements or AND gates 204 each have a first input, a second input and one output. Memory element 202 is connected to the first inputs of AND gates 204. Each delay element 206 has one input and one output. Delay elements 206 can be implemented as a shift register. The output of one of the AND gates 204 a is connected to the input of a first delay element 206 a. Modulo functions 208 each have a first input, a second input and one output. The outputs of the remaining AND gates 204 are connected to first inputs of modulo functions 208. The outputs of all delay elements 206, except for a last delay element 206 b, are connected to the second inputs of modulo functions 208. The output of the last delay element 206 b is connected to the second input of AND gates 204. The outputs of modulo functions 208 are connected to the inputs of all delay elements 206 but first delay element 206 a.
For exemplary purposes, assume a binary scheme for simplicity; however, those skilled in the art will appreciate that the present invention is equally applicable to other symbol representations.
Initially, communication devices 100, 102 as shown in
Referring again to
Delay elements 206 are initialized with the coefficients of the ciphering key, K_{c}(x) (as shown in shift register 306 a of
Ciphering key, K_{c}(x), is initially located in delay elements 206 (or a shift register as shown in 306 a in FIG. 3). As the above described, computations are performed utilizing the ciphering key, K_{c}(x). Ciphering key, K_{c}(x), is shifted out of delay elements 206. The output of last delay element 206 b is input into AND gates 204 at those positions where AND gates 204 are closed. After the completion of w(L_{max}−L) shifts, delay elements 206 contain the result of the exclusiveor function, K_{c}(x) mod g_{1} ^{(L)}(x) in the last wL spaces (as shown in shift register 306 b in FIG. 3). As stated above, this computation ensures that the maximum key length of the ciphering key, K_{c}(x), does not exceed the governmental regulations of the maximum permitted key length.
After the completion of w(L_{max}−L) shifts, g_{2}(x) is input into AND gates 204. In contrast to g_{1}(x), g_{2}(x) is a polynomial where the first w(L_{max}−L) coefficients can be nonzero numbers and the last wL coefficients are zeros. The above process continues for wL more shifts. The wL bits resulting from exclusiveor functions have now been “spread” over the area. The result in delay elements 206 (as shown in shift register 210 c in
For exemplary purposes, assume w equals 8, L equals 5, L_{max}, equals 16. Assume again a binary scheme for simplicity.
Referring again to
Delay elements 206 are initialized with the coefficients of the ciphering key, K_{c}(x). These coefficients, as well as the outputs of AND gates 204, are input into exclusiveor functions 208. (The initial inputs of AND gates 204 are a string of zeros and the g_{1}(x) coefficients as described above.) The outputs of exclusiveor functions 208 are input into all AND gates 206, except for first AND gate 206 a. The output of last delay element 206 b is input into AND gates 204 at those positions where AND gates 204 are closed. This process is then repeated as data is shifted.
Ciphering key, K_{c}(x), is initially located in 128 delay elements 206 (or in a 128 bit shift register as shown in 306 a in FIG. 3). As the above described computations are performed utilizing the ciphering key, K_{c}(x). Ciphering key, K_{c}(x), is shifted out of delay element 206. The output of last delay element 206 b is input into AND gates 204. After the completion of 12840, or 88 shifts, delay elements 206 contain the result of the exclusiveor function, K_{c}(x) mod g_{1} ^{(L)}(x) in the last 40 spaces.
The g_{2}(x) coefficients are then input into AND gates 204. The above process continues for 40 more shifts, or a total of 128 shifts. The 40 bits resulting from exclusiveor function have now been “spread” over the area. The result in delay elements 206 (or in shift register 306 c as shown in
The present invention has been described above with reference to preferred embodiments. However, those skilled in the art will recognize that changes and modifications may be made without departing from the scope of the present invention. For example, although the present invention describes a method and device where the maximum ciphering key length, L, is 5 bytes, and the maximum usable encryption key length, L_{max}, is 16 bytes, it will be appreciated that the present invention is not so limited to these lengths. In addition, it will also be appreciated that the data being transmitted and received is not limited to any particular type of data. It may constitute voice, written or other data. It may be binary, ASCII or any other form of data. In addition, the data may be transmitted over any media now known, such a wires or air waves, or later discovered.
Claims (28)
Priority Applications (2)
Application Number  Priority Date  Filing Date  Title 

US13094499P true  19990426  19990426  
US09/461,766 US6947560B1 (en)  19990426  19991215  Method and device for effective key length control 
Applications Claiming Priority (12)
Application Number  Priority Date  Filing Date  Title 

US09/461,766 US6947560B1 (en)  19990426  19991215  Method and device for effective key length control 
CN 200410049318 CN1332524C (en)  19990426  20000411  Method and device for effective key length control 
CN 00806757 CN1282323C (en)  19990426  20000411  Method and device for effective key length control 
AT00931061T AT298481T (en)  19990426  20000411  Method and apparatus for efficient control of a key length 
BR0010029A BR0010029B1 (en)  19990426  20000411  Communication Device and method for calculating an encryption key, and system for communicating encrypted data between two communication devices 
PCT/EP2000/003284 WO2000065768A1 (en)  19990426  20000411  Method and device for effective key length control 
DE2000620953 DE60020953T2 (en)  19990426  20000411  Method and apparatus for efficient control of a key length 
JP2000614599A JP4668428B2 (en)  19990426  20000411  Effective key length control method and apparatus 
EP20000931061 EP1171971B1 (en)  19990426  20000411  Method and device for effective key length control 
AU49130/00A AU4913000A (en)  19990426  20000411  Method and device for effective key length control 
CO00029649A CO5300374A1 (en)  19990426  20000425  Method and device for effective control of the key length 
ARP000101976 AR023605A1 (en)  19990426  20000426  Method and device for effective control of the key length 
Publications (1)
Publication Number  Publication Date 

US6947560B1 true US6947560B1 (en)  20050920 
Family
ID=26828998
Family Applications (1)
Application Number  Title  Priority Date  Filing Date 

US09/461,766 Active US6947560B1 (en)  19990426  19991215  Method and device for effective key length control 
Country Status (11)
Country  Link 

US (1)  US6947560B1 (en) 
EP (1)  EP1171971B1 (en) 
JP (1)  JP4668428B2 (en) 
CN (2)  CN1282323C (en) 
AR (1)  AR023605A1 (en) 
AT (1)  AT298481T (en) 
AU (1)  AU4913000A (en) 
BR (1)  BR0010029B1 (en) 
CO (1)  CO5300374A1 (en) 
DE (1)  DE60020953T2 (en) 
WO (1)  WO2000065768A1 (en) 
Cited By (9)
Publication number  Priority date  Publication date  Assignee  Title 

US20030229804A1 (en) *  20020222  20031211  Rahul Srivastava  System for monitoring managed server health 
US20070046424A1 (en) *  20050831  20070301  Davis Michael L  Device authentication using a unidirectional protocol 
US20070058814A1 (en) *  20050913  20070315  Avaya Technology Corp.  Method for undetectably impeding key strength of encryption usage for products exported outside the U.S. 
US20080037775A1 (en) *  20060331  20080214  Avaya Technology Llc  Verifiable generation of weak symmetric keys for strong algorithms 
US20080215918A1 (en) *  20020222  20080904  Bea Systems, Inc.  Method for monitoring server subsystem health 
US20100162000A1 (en) *  20030324  20100624  Fuji Xerox Co., Ltd.  Data security in an information processing device 
US20110235804A1 (en) *  20050823  20110929  Alan Michael Snyder  Techniques for watermarking and distributing content 
US8358783B2 (en)  20080811  20130122  Assa Abloy Ab  Secure wiegand communications 
US20170070481A1 (en) *  20150903  20170309  Pilixo Limited  Communication channel security against packet sniffing 
Families Citing this family (2)
Publication number  Priority date  Publication date  Assignee  Title 

US6931130B1 (en) *  19991007  20050816  International Business Machines Corporation  Dynamically adjustable software encryption 
JP2007500376A (en)  20030523  20070111  コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィＫｏｎｉｎｋｌｉｊｋｅ Ｐｈｉｌｉｐｓ Ｅｌｅｃｔｒｏｎｉｃｓ Ｎ．Ｖ．  Method and apparatus for low memory hardware implementation of the key expansion function 
Citations (22)
Publication number  Priority date  Publication date  Assignee  Title 

US4649419A (en) *  19821220  19870310  La Radiotechnique  Pseudorandom binary sequency generator 
US4760600A (en) *  19870213  19880726  Oki Electric Industry Co., Ltd.  Cipher system 
US4797921A (en) *  19841113  19890110  Hitachi, Ltd.  System for enciphering or deciphering data 
US5199072A (en)  19920203  19930330  Motorola, Inc.  Method and apparatus for restricting access within a wireless local area network 
US5278905A (en)  19920513  19940111  At&T Bell Laboratories  Method and apparatus for processor base encryption 
WO1997005720A2 (en)  19950727  19970213  Nextlevel Systems, Inc.  Cryptographic system with concealed work factor 
US5631962A (en)  19951023  19970520  Motorola, Inc.  Circuit and method of encrypting key validation 
US5710814A (en) *  19960723  19980120  Cheyenne Property Trust  Cryptographic unit touch point logic 
US5724428A (en) *  19951101  19980303  Rsa Data Security, Inc.  Block encryption algorithm with datadependent rotations 
US5727063A (en) *  19951127  19980310  Bell Communications Research, Inc.  Pseudorandom generator 
US5729559A (en) *  19950327  19980317  Motorola, Inc.  Method and apparatus for correcting errors using multiple estimates 
US5778074A (en) *  19950629  19980707  Teledyne Industries, Inc.  Methods for generating variable Sboxes from arbitrary keys of arbitrary length including methods which allow rapid key changes 
US5799087A (en) *  19940428  19980825  Citibank, N.A.  Electronicmonetary system 
US5815573A (en) *  19960410  19980929  International Business Machines Corporation  Cryptographic key recovery system 
US5825890A (en) *  19950825  19981020  Netscape Communications Corporation  Secure socket layer application program apparatus and method 
US5850443A (en) *  19960815  19981215  Entrust Technologies, Ltd.  Key management system for mixedtrust environments 
US5862159A (en) *  19960911  19990119  Texas Instruments Incorporated  Parallelized cyclical redundancy check method 
US5883956A (en)  19960328  19990316  National Semiconductor Corporation  Dynamic configuration of a secure processing unit for operations in various environments 
US5917912A (en) *  19950213  19990629  Intertrust Technologies Corporation  System and methods for secure transaction management and electronic rights protection 
US5937066A (en) *  19961002  19990810  International Business Machines Corporation  Twophase cryptographic key recovery system 
US6252958B1 (en) *  19970922  20010626  Qualcomm Incorporated  Method and apparatus for generating encryption stream ciphers 
US6438691B1 (en) *  19960401  20020820  HewlettPackard Company  Transmitting messages over a network 
Family Cites Families (4)
Publication number  Priority date  Publication date  Assignee  Title 

US5008938A (en) *  19900309  19910416  Motorola, Inc.  Encryption apparatus 
US5323464A (en) *  19921016  19940621  International Business Machines Corporation  Commercial data masking 
US5345507A (en) *  19930908  19940906  International Business Machines Corporation  Secure message authentication for binary additive stream cipher systems 
CN1089205C (en) *  19940924  20020814  西安电子科技大学  Highspeed data disordering method 

1999
 19991215 US US09/461,766 patent/US6947560B1/en active Active

2000
 20000411 WO PCT/EP2000/003284 patent/WO2000065768A1/en active IP Right Grant
 20000411 EP EP20000931061 patent/EP1171971B1/en active Active
 20000411 CN CN 00806757 patent/CN1282323C/en active IP Right Grant
 20000411 DE DE2000620953 patent/DE60020953T2/en active Active
 20000411 AT AT00931061T patent/AT298481T/en not_active IP Right Cessation
 20000411 JP JP2000614599A patent/JP4668428B2/en active Active
 20000411 BR BR0010029A patent/BR0010029B1/en active IP Right Grant
 20000411 AU AU49130/00A patent/AU4913000A/en not_active Abandoned
 20000411 CN CN 200410049318 patent/CN1332524C/en active IP Right Grant
 20000425 CO CO00029649A patent/CO5300374A1/en not_active Application Discontinuation
 20000426 AR ARP000101976 patent/AR023605A1/en unknown
Patent Citations (22)
Publication number  Priority date  Publication date  Assignee  Title 

US4649419A (en) *  19821220  19870310  La Radiotechnique  Pseudorandom binary sequency generator 
US4797921A (en) *  19841113  19890110  Hitachi, Ltd.  System for enciphering or deciphering data 
US4760600A (en) *  19870213  19880726  Oki Electric Industry Co., Ltd.  Cipher system 
US5199072A (en)  19920203  19930330  Motorola, Inc.  Method and apparatus for restricting access within a wireless local area network 
US5278905A (en)  19920513  19940111  At&T Bell Laboratories  Method and apparatus for processor base encryption 
US5799087A (en) *  19940428  19980825  Citibank, N.A.  Electronicmonetary system 
US5917912A (en) *  19950213  19990629  Intertrust Technologies Corporation  System and methods for secure transaction management and electronic rights protection 
US5729559A (en) *  19950327  19980317  Motorola, Inc.  Method and apparatus for correcting errors using multiple estimates 
US5778074A (en) *  19950629  19980707  Teledyne Industries, Inc.  Methods for generating variable Sboxes from arbitrary keys of arbitrary length including methods which allow rapid key changes 
WO1997005720A2 (en)  19950727  19970213  Nextlevel Systems, Inc.  Cryptographic system with concealed work factor 
US5825890A (en) *  19950825  19981020  Netscape Communications Corporation  Secure socket layer application program apparatus and method 
US5631962A (en)  19951023  19970520  Motorola, Inc.  Circuit and method of encrypting key validation 
US5724428A (en) *  19951101  19980303  Rsa Data Security, Inc.  Block encryption algorithm with datadependent rotations 
US5727063A (en) *  19951127  19980310  Bell Communications Research, Inc.  Pseudorandom generator 
US5883956A (en)  19960328  19990316  National Semiconductor Corporation  Dynamic configuration of a secure processing unit for operations in various environments 
US6438691B1 (en) *  19960401  20020820  HewlettPackard Company  Transmitting messages over a network 
US5815573A (en) *  19960410  19980929  International Business Machines Corporation  Cryptographic key recovery system 
US5710814A (en) *  19960723  19980120  Cheyenne Property Trust  Cryptographic unit touch point logic 
US5850443A (en) *  19960815  19981215  Entrust Technologies, Ltd.  Key management system for mixedtrust environments 
US5862159A (en) *  19960911  19990119  Texas Instruments Incorporated  Parallelized cyclical redundancy check method 
US5937066A (en) *  19961002  19990810  International Business Machines Corporation  Twophase cryptographic key recovery system 
US6252958B1 (en) *  19970922  20010626  Qualcomm Incorporated  Method and apparatus for generating encryption stream ciphers 
NonPatent Citations (3)
Title 

Mihalijevic', Miodrag, "A Fast and Secure Cipher Based on Celluar Automation Over GF(q)", 1998, IEEE. * 
Park, Stephen and Miller, Keith, "Random Number Generators: Good Ones are Hard to Find", 1988, vol. 31, No. 10 pp. 11921201. * 
Shaheen, Kamel M., Code Book Cipher System, 1994, IEEE, pp. 68. * 
Cited By (17)
Publication number  Priority date  Publication date  Assignee  Title 

US20080215918A1 (en) *  20020222  20080904  Bea Systems, Inc.  Method for monitoring server subsystem health 
US7849367B2 (en)  20020222  20101207  Oracle International Corporation  Method for performing a corrective action upon a subsystem 
US7849368B2 (en)  20020222  20101207  Oracle International Corporation  Method for monitoring server subsystem health 
US7287075B2 (en) *  20020222  20071023  Bea Systems, Inc.  System for monitoring managed server health 
US20030229804A1 (en) *  20020222  20031211  Rahul Srivastava  System for monitoring managed server health 
US20100162000A1 (en) *  20030324  20100624  Fuji Xerox Co., Ltd.  Data security in an information processing device 
US8301908B2 (en) *  20030324  20121030  Fuji Xerox Co., Ltd.  Data security in an information processing device 
US20110235804A1 (en) *  20050823  20110929  Alan Michael Snyder  Techniques for watermarking and distributing content 
US8183980B2 (en)  20050831  20120522  Assa Abloy Ab  Device authentication using a unidirectional protocol 
US20070046424A1 (en) *  20050831  20070301  Davis Michael L  Device authentication using a unidirectional protocol 
US20070058814A1 (en) *  20050913  20070315  Avaya Technology Corp.  Method for undetectably impeding key strength of encryption usage for products exported outside the U.S. 
US7873166B2 (en)  20050913  20110118  Avaya Inc.  Method for undetectably impeding key strength of encryption usage for products exported outside the U.S 
US20080037775A1 (en) *  20060331  20080214  Avaya Technology Llc  Verifiable generation of weak symmetric keys for strong algorithms 
US8358783B2 (en)  20080811  20130122  Assa Abloy Ab  Secure wiegand communications 
US8923513B2 (en)  20080811  20141230  Assa Abloy Ab  Secure wiegand communications 
US8943562B2 (en)  20080811  20150127  Assa Abloy Ab  Secure Wiegand communications 
US20170070481A1 (en) *  20150903  20170309  Pilixo Limited  Communication channel security against packet sniffing 
Also Published As
Publication number  Publication date 

AT298481T (en)  20050715 
CN1332524C (en)  20070815 
EP1171971A1 (en)  20020116 
BR0010029B1 (en)  20140204 
DE60020953T2 (en)  20051201 
EP1171971B1 (en)  20050622 
DE60020953D1 (en)  20050728 
JP2002543667A (en)  20021217 
CN1282323C (en)  20061025 
AR023605A1 (en)  20020904 
AU4913000A (en)  20001110 
CN1348646A (en)  20020508 
JP4668428B2 (en)  20110413 
BR0010029A (en)  20020115 
CN1558592A (en)  20041229 
WO2000065768A1 (en)  20001102 
CO5300374A1 (en)  20030731 
Similar Documents
Publication  Publication Date  Title 

US6898288B2 (en)  Method and system for secure key exchange  
US9112860B2 (en)  Method and apparatus for mutual authentication  
US4322577A (en)  Cryptosystem  
KR101389100B1 (en)  A method and apparatus to provide authentication and privacy with low complexity devices  
KR101095239B1 (en)  Secure communications  
KR0168504B1 (en)  Method and apparatus for encryption having a feedback register with selectable taps  
CN101753292B (en)  Methods and devices for a chained encryption mode  
JP3505482B2 (en)  Encrypting apparatus, decoding apparatus and expanded key generation device, the expanded key generation method, and recording medium  
US5295188A (en)  Public key encryption and decryption circuitry and method  
CA2280775C (en)  Cyclotomic polynomial construction of discrete logarithm cryptosystems over finite fields  
CN100592687C (en)  Encryption communication system for generating passwords on the basis of start information on both parties of communication  
EP1440535B1 (en)  Memory encrytion system and method  
CA2583741C (en)  An algorithm to create and validate a one time password  
US6226382B1 (en)  Method for implementing a privatekey communication protocol between two processing devices  
US6292896B1 (en)  Method and apparatus for entity authentication and session key generation  
CN1142653C (en)  Dynamic password authentication system and method  
US6995692B2 (en)  Data converter and method thereof  
EP0467239A2 (en)  An encryption system based on Chaos theory  
US20020034295A1 (en)  Cryptographic method and apparatus for nonlinearly merging a data block and a key  
US7532721B2 (en)  Implementation of a switchbox using a subfield method  
EP0677939A2 (en)  Wireless communications privacy method and system  
US5598476A (en)  Random clock compositionbased cryptographic authentication process and locking system  
US8332643B2 (en)  Establishing secure mutual trust using an insecure password  
JP3406157B2 (en)  Remote control device  
RU2175465C2 (en)  Method for crypto key exchange between user's and network computer units 
Legal Events
Date  Code  Title  Description 

AS  Assignment 
Owner name: TELEFONAKTIEBOLAGET L M ERICSSON, SWEDEN Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SMEETS, BEN;HANSSON, MATTIAS;PERSSON, JOAKIM;REEL/FRAME:010599/0885;SIGNING DATES FROM 20000223 TO 20000228 

CC  Certificate of correction  
FPAY  Fee payment 
Year of fee payment: 4 

FPAY  Fee payment 
Year of fee payment: 8 

FPAY  Fee payment 
Year of fee payment: 12 